1 /* authd/providers/ident.c - ident lookup provider for authd
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
21 /* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
22 * moved to its own provider.
24 * --Elizafox 13 March 2016
34 #define IDENT_BUFSIZE 128
38 time_t timeout
; /* Timeout interval */
39 rb_fde_t
*F
; /* Our FD */
42 /* Goinked from old s_auth.c --Elizafox */
43 static const char *messages
[] =
45 ":*** Checking Ident",
46 ":*** Got Ident response",
47 ":*** No Ident response",
57 static EVH timeout_ident_queries_event
;
58 static CNCB ident_connected
;
59 static PF read_ident_reply
;
61 static void client_fail(struct auth_client
*auth
, ident_message message
);
62 static void client_success(struct auth_client
*auth
);
63 static char * get_valid_ident(char *buf
);
65 static struct ev_entry
*timeout_ev
;
66 static int ident_timeout
= 5;
69 /* Timeout outstanding queries */
71 timeout_ident_queries_event(void *notused
)
73 struct auth_client
*auth
;
74 rb_dictionary_iter iter
;
76 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
78 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
80 if(query
!= NULL
&& query
->timeout
< rb_current_time())
81 client_fail(auth
, REPORT_FAIL
);
86 * ident_connected() - deal with the result of rb_connect_tcp()
88 * If the connection failed, we simply close the auth fd and report
89 * a failure. If the connection suceeded send the ident server a query
90 * giving "theirport , ourport". The write is only attempted *once* so
91 * it is deemed to be a fail if the entire write doesn't write all the
92 * data given. This shouldnt be a problem since the socket should have
93 * a write buffer far greater than this message to store it in should
94 * problems arise. -avalon
97 ident_connected(rb_fde_t
*F
, int error
, void *data
)
99 struct auth_client
*auth
= data
;
100 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
104 /* Check the error */
107 /* We had an error during connection :( */
108 client_fail(auth
, REPORT_FAIL
);
112 snprintf(authbuf
, sizeof(authbuf
), "%u , %u\r\n",
113 auth
->c_port
, auth
->l_port
);
114 authlen
= strlen(authbuf
);
116 if(rb_write(query
->F
, authbuf
, authlen
) != authlen
)
118 client_fail(auth
, REPORT_FAIL
);
122 read_ident_reply(query
->F
, auth
);
126 read_ident_reply(rb_fde_t
*F
, void *data
)
128 struct auth_client
*auth
= data
;
129 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
134 char buf
[IDENT_BUFSIZE
+ 1]; /* buffer to read auth reply into */
136 len
= rb_read(F
, buf
, IDENT_BUFSIZE
);
137 if(len
< 0 && rb_ignore_errno(errno
))
139 rb_setselect(F
, RB_SELECT_READ
, read_ident_reply
, query
);
147 if((s
= get_valid_ident(buf
)))
151 while (*s
== '~' || *s
== '^')
154 for (count
= USERLEN
; *s
&& count
; s
++)
160 if(*s
!= ' ' && *s
!= ':' && *s
!= '[')
171 client_fail(auth
, REPORT_FAIL
);
173 client_success(auth
);
177 client_fail(struct auth_client
*auth
, ident_message report
)
179 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
181 rb_strlcpy(auth
->username
, "*", sizeof(auth
->username
));
185 auth
->data
[PROVIDER_IDENT
] = NULL
;
187 notice_client(auth
->cid
, messages
[report
]);
188 provider_done(auth
, PROVIDER_IDENT
);
192 client_success(struct auth_client
*auth
)
194 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
198 auth
->data
[PROVIDER_IDENT
] = NULL
;
200 notice_client(auth
->cid
, messages
[REPORT_FOUND
]);
201 provider_done(auth
, PROVIDER_IDENT
);
205 * parse ident query reply from identd server
207 * Taken from old s_auth.c --Elizafox
209 * Inputs - pointer to ident buf
210 * Outputs - NULL if no valid ident found, otherwise pointer to name
211 * Side effects - None
214 get_valid_ident(char *buf
)
222 char *remotePortString
;
224 /* All this to get rid of a sscanf() fun. */
225 remotePortString
= buf
;
227 colon1Ptr
= strchr(remotePortString
, ':');
233 colon2Ptr
= strchr(colon1Ptr
, ':');
239 commaPtr
= strchr(remotePortString
, ',');
247 remp
= atoi(remotePortString
);
251 locp
= atoi(commaPtr
);
255 /* look for USERID bordered by first pair of colons */
256 if(!strstr(colon1Ptr
, "USERID"))
259 colon3Ptr
= strchr(colon2Ptr
, ':');
271 timeout_ev
= rb_event_addish("timeout_ident_queries_event", timeout_ident_queries_event
, NULL
, 1);
272 return (timeout_ev
!= NULL
);
278 struct auth_client
*auth
;
279 rb_dictionary_iter iter
;
281 /* Nuke all ident queries */
282 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
284 if(auth
->data
[PROVIDER_IDENT
] != NULL
)
285 client_fail(auth
, REPORT_FAIL
);
289 static bool ident_start(struct auth_client
*auth
)
291 struct ident_query
*query
= rb_malloc(sizeof(struct ident_query
));
292 struct rb_sockaddr_storage l_addr
, c_addr
;
296 auth
->data
[PROVIDER_IDENT
] = query
;
297 query
->timeout
= rb_current_time() + ident_timeout
;
299 if((F
= rb_socket(family
, SOCK_STREAM
, 0, "ident")) == NULL
)
301 client_fail(auth
, REPORT_FAIL
);
302 return true; /* Not a fatal error */
307 /* Build sockaddr_storages for rb_connect_tcp below */
308 memcpy(&l_addr
, &auth
->l_addr
, sizeof(l_addr
));
309 memcpy(&c_addr
, &auth
->c_addr
, sizeof(c_addr
));
311 /* Set the ports correctly */
313 if(GET_SS_FAMILY(&l_addr
) == AF_INET6
)
314 ((struct sockaddr_in6
*)&l_addr
)->sin6_port
= 0;
317 ((struct sockaddr_in
*)&l_addr
)->sin_port
= 0;
320 if(GET_SS_FAMILY(&c_addr
) == AF_INET6
)
321 ((struct sockaddr_in6
*)&c_addr
)->sin6_port
= htons(113);
324 ((struct sockaddr_in
*)&c_addr
)->sin_port
= htons(113);
326 rb_connect_tcp(F
, (struct sockaddr
*)&c_addr
,
327 (struct sockaddr
*)&l_addr
,
328 GET_SS_LEN(&l_addr
), ident_connected
,
329 query
, ident_timeout
);
331 notice_client(auth
->cid
, messages
[REPORT_LOOKUP
]);
332 set_provider_on(auth
, PROVIDER_IDENT
);
338 ident_cancel(struct auth_client
*auth
)
340 struct ident_query
*query
= auth
->data
[PROVIDER_IDENT
];
343 client_fail(auth
, REPORT_FAIL
);
347 struct auth_provider ident_provider
=
349 .id
= PROVIDER_IDENT
,
351 .destroy
= ident_destroy
,
352 .start
= ident_start
,
353 .cancel
= ident_cancel
,